As a product owner, I want document separation of duties to meet AC-05 security control

[shubhi-raft]

Description:
This issue will deliver documentation and demo on how separation of duties will be maintained to meet security control, AC-05.

Acceptance Criteria:

• Documentation user roles with list of permissions and account management to meet AC-05 is is documented in docs (with screenshots of Django Admin Control (DAC) if applicable)
• Demo of user roles to show separation of duties using Django Admin Control (DAC)

Tasks:
Create a list of granular, specific work items that must be completed to deliver the desired outcomes of this issue

• Task 1
• Task 2
• Task 3
• Run Testing Checklist and confirm all tests pass

Notes:

• AC-05 security control:
  The organization:
  a. Separates [at a minimum, data creation and control, software development and maintenance, and security functions];
  b. Documents separation of duties of individuals; and
  c. Defines information system access authorizations to support separation of duties.

• To meet

• document user roles with list of permissions, account management,

• backend can demo separation of duties (demo of documented user role with permissions)

Supporting Documentation:
Please include any relevant log snippets/files/screen shots

• Doc 1
• Doc 2

Open Questions:

• NA

Deliverable:

• PR
  • Note: Screenshots are not included in the PR
• User roles were demoed while demoing As an OFA Admin, I need a list of MVP roles in the database to assign to new users #309

[kniz-raft]

Duplicate with #587, moving to a different organizational method to track security control documentation (each security control family will be an epic, each control will be an issue under that epic)